U.S. markets closed
  • S&P Futures

    +19.75 (+0.52%)
  • Dow Futures

    +141.00 (+0.47%)
  • Nasdaq Futures

    +73.50 (+0.63%)
  • Russell 2000 Futures

    +11.00 (+0.62%)
  • Crude Oil

    +0.17 (+0.19%)
  • Gold

    +11.00 (+0.64%)
  • Silver

    +0.35 (+1.71%)

    +0.0041 (+0.42%)
  • 10-Yr Bond

    +0.1420 (+3.93%)
  • Vix

    -0.52 (-1.79%)

    +0.0053 (+0.47%)

    -0.0870 (-0.06%)

    +117.29 (+0.58%)
  • CMC Crypto 200

    +3.60 (+0.78%)
  • FTSE 100

    -33.84 (-0.48%)
  • Nikkei 225

    +249.87 (+0.92%)

New Study Suggests Most Companies Are Unprepared for Data Breaches

- By Adam Lawrence

"When it comes to managing a data breach, having a response plan is simply not the same as being prepared," Michael Bruemmer, vice president at Experian Data Breach Resolution, said.

In a recent report sponsored by Experian Data Breach Resolution and conducted by Ponemon Institute, it was revealed that even though most companies have a plan in place to prepare for a data breach, most executives are not keeping these plans current nor are they confident in how effective these plans are. But it doesn't stop with corporations. Recent concerns brought by FBI Director James Comey warns lawmakers that states across the U.S. have come under attack by hackers. The main target? Election systems.

"There have been a variety of scanning activities, which is a preamble for potential intrusion activities, as well as some attempted intrusions at voter registration databases beyond those we knew about in July and August," he told the House Judiciary Committee. "There's no doubt that some bad actors have been poking around."

I wrote about the Yahoo (YHOO) security breach a few weeks back and even though it has become a glaring example of why organizations should not only have plans in place but methods for prevention, organizations and now even governments are still falling prey.

Recently it came to light that as many as 304,000,000 active customer accounts across the world from online retail giant Amazon (AMZN) could have had data leaked. According to reports, customers have been receiving emails stating that the company has discovered a list of email addresses and password sets had been posted online, which contained email addresses and passwords of many Amazon users. While Amazon stated that the list "was not Amazon-related," their "precaution" that was taken was to have users reset password information.

Similarly, it was revealed that cloud data firm Dropbox had been the victim of a data breach in 2012. But just like Yahoo, the information was not made public until August of this year. Over 68 million usernames along with "hashed and salted passwords" were stolen. Again, like Amazon, the solution was simply a security update:

"If you signed up for Dropbox before mid-2012 and reused your password elsewhere, you should change it on those services. We recommend that you create strong, unique passwords, and enable two-step verification. Also, please be alert to spam or phishing because email addresses were included in the list."

So this begs the question, "When will data and cloud dependent organizations evolve their access management systems to go beyond addressing the problems after they happen and swing to an all-in-one system to actually prevent these types of breaches in the first place?"

Tech firm Akamai Technologies (AKAM) has been making headlines recently through the current series of acquisitions being made to broaden the reach for access management and cyber security. In an all cash deal, Akamai announced that it acquired Soha Systems, an enterprise secure access-as-a-service company to further enhance the security of Akamai's cloud networking business. This happened less than one week after the company bought Concord Systems, a tech provider for high performance data processing. Neither of these acquisitions had their amounts disclosed, however, management did state that the addition of Soha technology now offers secure access technology to the company's current Cloud Networking Solutions.

"In many ways, the traditional enterprise model is 'turning inside out' with applications, employees and data moving to the cloud, well outside of the enterprise's traditional zone of control. At the same time, security and IT teams remain responsible for ensuring visibility, security and performance," explained Robert Blumofe, executive vice president, Platform, and general manager, Enterprise and Carrier Division, of Akamai in its press release.

And they are not the only company looking to take advantage of the recent surge in cyber crime. Other organizations are taking this into account to address the phase shift in enterprise security. IDdriven Inc. (IDDR) management for instance, has a long standing track record within the space even before it became a popular buzzword. In fact, CEO Arend Verweij was recruited to turnaround Bhold BV, the Netherlands-based access and identity management software company. Through raising capital and refocusing the company, he was part of the team that eventually sold the program and related IP to Microsoft (MSFT) in 2011, which MS continues to support the BHOLD program today. Geurt van Wijk, the company's COO served as COO of BHOLD BV from 2006 to 2013 and was also part of the oversight during the sale to Microsoft .

The company now offers a completely scalable, cloud-based access management software that can be role-based, zone-based, attribute-based, contract-based, fully integrates with many cloud and on-premises applications. IDdriven holds several key channel partnerships with firms across the globe, one in particular being Microsoft itself.

Outside of companies like iDdriven and Akamai, other players have grown in the space as well. Check Point Software Technologies Ltd. (CHKP) provides software for IT security including network security and security management. In the second quarter, the company continued to grow both for the 3 and 6 months ended June 30. Check Point increased total revenues by 6.9% and 7.6% respectively. The majority of those revenues came from software updates and maintenance and helped boost EPS by about 8% compared to the same quarter in 2015.

Even with company growth and industry experience from companies like these, data breaches are rampant and are quickly creating an opportunity for investors. The Experian study mentioned earlier echoes the sentiment that organizations are simply overlooking this space it isn't priority and many lack an integrated system for preventing or responding to a digital threat (internally and externally).

High demand has built out a much larger growth scenario for access management companies in general which may be why we continue to see cyber security ETF's like First Trust NASDAQ Cybersecurity ETF (CIBR)and PureFunds ISE Cyber Security ETF (HACK)continue to skyrocket. Both are up significantly since the first quarter of 2016.

Meanwhile, the market itself continues to expand. Despite the lack that some companies have, this doesn't mean there is a huge business opportunity for companies in the space. Growing at a CAGR of over 18% from 2015 to 2022, analysts are already predicting that cloud-based identity and access management market will witness 'robust' demand by 2022.

A major driver has and is expected to continue being Public sector and utilities sector organizations, which accounted for over 25% of the revenue in 2014. They're anticipated to exhibit significant growth over the next six years as enterprises become more digitally connected and could be a major reason that this sector is something for investors to be paying close attention to right now, ahead of the pending boom. And much of the risk as well as reward could be with smaller companies as the acquisition climate heats up.

Take, for instance, a company like Soha, which Akamai recently acquired. Though it was undisclosed as for the amount of the transaction, Soha raised nearly $10 million from investors originally. Other companies like LogMeIn acquired San Francisco-based startup Meldium for $15 million in cash and in one of the largest transactions to date, Ping Identity announced that it has been acquired by Vista Equity Partners. Ping is the same organization that made waves with its acquisition of Marketo, a leading marketing software firm, for $1.8 billion. It's even been rumored that companies like Google (GOOG) and Microsoft are targeting these smaller access management companies for acquisition to further enhance their own offerings.

Needless to say, it continues to be a story of if and not when the next data breach occurs and as they do, the spotlight will continue to shed a light on the companies capable of preventing these attacks from happening.

Disclosure: The author owns zero shares of any companies mentioned in this article.

Start a free 7-day trial of Premium Membership to GuruFocus.

This article first appeared on GuruFocus.